All geek questions in one place

Laravel send password reset link to a separate defender

In Laravel 5.4, is there a way to send a reset password for a separate authentication tool instead of the standard one. I use the default PasswordResetController , which does the job this way

  public function company(Request $request) { $this->validate(request(), [ 'email' => 'required|email', ]); $response = Password::sendResetLink([ 'email' => $request->email ]); //overridden if condition if($response == "passwords.sent") { return back()->with('message','Password reset link has been sent, please check your email'); } return back()->with('message', 'No such email address in our records, try again'); }

The sendResetLink() method checks and sends the reset link to the default guard, but I define a new guard in auth.php called web

  'guards' => [ 'web' => [ 'driver' => 'session', 'provider' => 'companies', ],

sendResetLink method is similar to this

  public function sendResetLink(array $credentials) { // First we will check to see if we found a user at the given credentials and // if we did not we will redirect back to this current URI with a piece of // "flash" data in the session to indicate to the developers the errors. $user = $this->getUser($credentials); if (is_null($user)) { return static::INVALID_USER; }

Any way for this method to check a separate table or use a separate protector?

+5
source share
4 answers

In the auth.php configuration file, you can configure several "guards" that can be used to determine the authentication behavior for several user tables. You can configure the included ResetPasswordController to use the protector of your choice by overriding the protection method on the controller. This method should return a security instance:

 protected function guard() { return Auth::guard('guard-name'); }

The magic is to use broker - PasswordBroker for your customizable protector. But you must configure several password brokers in the auth.php configuration file.

 protected function broker() { return Password::broker('name'); }
+2
source

Here is my connection method to send the reset password to the protector , which is part of the multi-auth system.

I am going to assume that you have correctly installed the new guard in config/auth.php which might look like this:

I use the word admin for the new guard name for a better understanding.

 'guards' => [ 'admin' => [ 'driver' => 'session', 'provider' => 'admins', ], ] 'providers' => [ 'admins' => [ 'driver' => 'eloquent', 'model' => App\Admin::class, ], ] 'passwords' => [ 'admins' => [ 'provider' => 'admins', 'table' => 'password_resets', 'expire' => 15, ], ]

You will need to create new controllers ( AdminForgotPasswordController and AdminResetPasswordController ) for the new defender

Both of them use the Password facade, and the AdminResetPasswordController also uses the Auth facade.

Change the build function to suit your new defender.
So add this for both controllers because we have a specific type of guest user.

 public function __construct() { $this->middleware('guest:admin'); }

Now we need to say AdminResetPasswordController in order to use proper authentication protection.

So add this method to the controller

 protected function guard() { return Auth::guard('admin'); }

Now add this piece of code to both controllers.

 protected function broker() { return Password::broker('admins'); //set password broker name according to guard which you have set in config/auth.php }

Note: This is not the only step to implement a reset password for protection, you will have to take other steps, such as creating new routes, notifications, forms and corresponding views.

+6
source

I assume that you are saying that the user provider does not protect. At least in your configuration file you changed the provider (company) and saved the default setting (session).

If the difference between provider and security is still vague, then a good explanation in the documentation can be found right here :

At its core, Laravel authentication tools consist of โ€œguardsโ€ and โ€œprovidersโ€. Guards determine how users authenticate for each request. Laravel is sent with session protection, which maintains state using session storage and cookies.

Vendors determine how users are retrieved from your persistent storage.

If your custom provider does not check if it is registered correctly.

Step 1. V. /config/auth.php find the registration of "providers". In your case, the "providers" should be the supplier companies, that is:

 'providers' => [ 'companies' => [ 'driver' => 'customprovidername', /* ... other needed conf parameters for custom provider ...*/ ] /*... other available providers ...*/ ],

customprovider name is all that you have chosen, and it is nothing but the name used as the first parameter in Auth :: provider when registering your custom provider in the system. It can even be companies. If this is eloquent, you are certainly still using the Laravel provider, not your custom provider, and there is your mistake.

Step 2. Find where the user provider named customprovidername is registered. He is usually registered with a service provider located at. /app/Providers/AuthServiceProvider.php. Search "_ Auth :: provider ('customprovidername', [/ * ... your custom provider ... * /]" _

Step 3. Confirm that / * ... your user provider ... * / code will register your user provider, and this is not some kind of copy of the past that initializes the default provider for rare people again.

More information on registering a custom provider can be found here .

0
source

How about pakage ... I used the following package and it works fine for me with laravel 5.4 ... you can configure full auth for as many tables as possible ...

https://github.com/Hesto/multi-auth

0
source

Source: https://habr.com/ru/post/1274534/

More articles:


All Articles